120 matches found
Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-49047
Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...
Astra Linux - vulnerability in postgresql-11
A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...
NGINX ngx_http_rewrite_module vulnerability
...
SL5 Standard for AI Security
Security Level 5 (SL5) is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology...
CVE-2026-29642
A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpectedly...
Exploring the Drivers of Information Security Policy Compliance among Contingent Employees: A Social, Deterrent, and Involvement-Based Approach
As institutions increasingly depend on Information Systems (ISs), ensuring compliance with Information Systems Security Policies (ISSPs) is critical, especially among contingent employees, whose engagement differs from that of permanent staff. This study examines how Subjective Norm, Deterrence...
Integrating Public Input and Technical Expertise for Effective Cybersecurity Policy Formulation
The evolving of digital transformation and increased use of technology comes with increased cyber vulnerabilities, which compromise national security. Cyber-threats become more sophisticated as the technology advances. This emphasises the need for strong risk mitigation strategies. To define stro...
MAL-2025-133782 Malicious code in gita-ikan31-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cefba10b100ad5a3a3587a6978a44a45db55b481d96a9a8d0c908cbe091c83b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux Distros Unpatched Vulnerability : CVE-2025-40109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it. CVE-2025-40109 Note that Nessus relies on the presen...
EUVD-2006-4454
Malware in sbrugna...
CVE-2025-39915
In the Linux kernel, the following vulnerability has been resolved: net: phy: transfer phy_config_inband() locking responsibility to phylink. Problem description: Lockdep reports a possible circular locking dependency (AB/BA) between &pl->state_mutex and &phy->lock, as follows...
Linux Distros Unpatched Vulnerability : CVE-2025-8277
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory durin...
Trump Administration and Big Tech want you to share your health data
US President Donald Trump announced a loose plan Wednesday to allow Americans to voluntarily upload and port their medical records across hospitals, clinics, technology companies, and health apps, with broad participation from Google, Apple, OpenAI, Amazon, and more. While the system could help...
CBP's Predator Drone Flights Over LA Are a Dangerous Escalation
Customs and Border Protection flying powerful Predator B drones over Los Angeles further breaks the seal on federal involvement in civilian matters typically handled by state or local authorities...
Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
Polish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces...
Smokeloader Users Identified and Arrested in Operation Endgame
Authorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more...
PT-2025-28134 · Git +1 · Liblouis
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software suffers from an unknown write issue discovered through OSS-Fuzz. The crash state indicates involvement of the lou handlePassVariableAction...
Stable Channel Update for Desktop
The Stable channel has been updated to 133.0.6943.98/.99 for Windows, Mac and 133.0.6943.98 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept restrict...
CVE-2025-23222
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...